Privacy Policy
Last Updated: March 23, 2026
Effective Date: March 23, 2026
This Privacy Policy explains how ParseSphere ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website at parsesphere.com, our Workspace application, our Parse API, and any related services (collectively, the "Service").
We designed this policy to be transparent about our actual data practices, including how your documents are processed using artificial intelligence. If you have questions, contact us at the addresses listed in Section 14.
1. Who We Are
ParseSphere is an AI-powered document intelligence platform. Users upload business files — PDFs, spreadsheets, Word documents, presentations, scanned invoices, contracts, and images — into shared workspaces, then ask questions in plain English and receive auditable answers with source citations.
| Legal entity | ParseSphere Inc., incorporated in the State of Delaware |
| Registered address | 611 South DuPont Highway, Suite 102, Dover, DE 19901, United States |
| Country of incorporation | Delaware, United States |
| Website | https://parsesphere.com |
| General contact | support@parsesphere.com |
| Sales inquiries | sales@parsesphere.com |
| Privacy inquiries | support@parsesphere.com |
| Data Protection Officer | Dowon Cha — support@parsesphere.com |
2. Information We Collect
We collect information in several categories depending on how you interact with our Service.
2.1 Account Information
When you create an account, our authentication provider Clerk collects and shares the following with us:
| Data field | Stored by ParseSphere | Notes |
|---|---|---|
| Clerk user ID | Yes (in our database as primary account identifier) | Persistent |
| Email address | No (retrieved from Clerk API on demand for billing and display; passed to Stripe when creating a billing customer) | Not stored in our user database |
| First and last name | No (retrieved from Clerk API on demand for display in member lists and admin tools) | Not stored in our user database |
| Profile image URL | No (retrieved from Clerk API on demand for admin display) | Not stored in our user database |
| Phone number | Not actively processed | Available in Clerk profile but not retrieved by our application |
| Account status | Yes (active, deactivated, or deleted) | Managed via Clerk webhooks |
| Organization name | Yes | For workspace organization features |
2.2 Billing and Payment Information
We use Stripe for all payment processing. We store:
- Stripe customer ID (links your ParseSphere account to your Stripe billing profile)
- Stripe subscription ID
- Stripe payment intent IDs (for pay-as-you-go credit purchases)
- Transaction amounts, credit quantities, and status
We do not store, process, or have access to your full credit card number, CVV, or bank account details. All payment credentials are entered directly into Stripe's secure, PCI-compliant checkout interface (Stripe Embedded Checkout). Stripe handles card data entirely on their infrastructure.
2.3 Documents and Content You Upload
When you upload files to a workspace or via the Parse API, we store:
- The original file in encrypted cloud storage (Azure Blob Storage)
- File metadata: filename, file size, file type/extension, MIME type, number of pages, content hash (for duplicate detection)
- Extracted text content: the full text output from document processing (extraction, OCR where applicable)
- Text chunks: segmented portions of the extracted content used for search and AI retrieval
- Document images: images extracted from your files (stored in cloud storage with metadata in our database)
- Vector embeddings: mathematical representations of your content chunks and images, stored in our database for semantic search
- Document summaries: AI-generated summaries of your uploaded files
- File versions: version history including blob storage paths, change summaries, and metadata
2.4 AI Interaction Data
When you use our AI question-answering, chat, or data analysis features, we store:
- Chat conversations: conversation titles and metadata
- Chat messages: your questions (natural language queries), AI-generated responses, tool call details, and execution metadata
- Image attachments: images you attach to chat messages (file metadata and blob storage URLs)
- Query logs: your natural language queries, SQL queries generated by the AI, error messages, dataset references, and token usage metrics
- Saved prompts: titles and content of prompts you save to your prompt library
2.5 Dataset and Analytics Data
When you upload or transform tabular data, we store:
- Dataset filename, description, and file metadata
- Schema metadata, column names, sample rows, and analytics metadata
- Parquet-format data files in cloud storage
- Dataset embeddings (text descriptions used for search)
- Dataset lineage records (source dataset names for transformed data)
Protection of Your Content
All customer-owned content — including uploaded documents, extracted text, AI interactions (chat messages, queries, responses), and datasets — is encrypted at rest and in transit. Access is scoped to your account and is only accessible through authenticated requests tied to your user or organization credentials. Access to production infrastructure, including databases and storage systems, is restricted to a minimal number of authorized personnel on a need-to-know basis for the sole purposes of maintaining system reliability, resolving technical issues, or responding to your support requests. All such personnel are bound by confidentiality obligations, and our internal policies prohibit accessing customer content except when operationally necessary.
2.6 Usage and Metering Data
We track platform usage for billing and quota enforcement:
- Usage events tied to your user ID, organization, and workspace
- Credit consumption per action (document processing, chat messages, API calls)
- References to specific resources consumed (documents, conversations, messages, parse jobs)
- Token usage metadata for AI operations
2.7 Device and Technical Data
We collect limited technical data:
- IP address: collected only transiently for rate limiting on our contact form (held in process memory for approximately 1 hour, not written to our database)
- HTTP headers: may be captured in server logs in the event of an unhandled server error (for debugging purposes)
- Request IDs: unique identifiers assigned to each API request for tracing and debugging
We do not systematically collect or store browser fingerprints, device IDs, or operating system information in our own systems. However, our analytics provider (PostHog) and authentication provider (Clerk) may collect standard browser and device information as described in their respective privacy policies.
2.8 Communications
When you contact us through our contact or support form, we collect:
- Your name
- Email address
- Company name (optional)
- Message content
- Form variant (support vs. sales inquiry)
This information is delivered to our team via email (Microsoft Graph / Microsoft 365) and is not stored in our application database. The submitter's email address is set as the reply-to address on the delivered email.
2.9 Newsletter Subscriptions
If you subscribe to our newsletter via the form on our website, we collect and store:
- Email address (in our application database)
- Subscription source (e.g., footer form, landing page)
- Subscription status (active or unsubscribed) and related timestamps
Newsletter subscriber data is stored separately from your account data. You can unsubscribe at any time by clicking the unsubscribe link included in every newsletter email.
2.10 API Key Information
If you use our Parse API, we store:
- API key name (user-provided label)
- API key hash (SHA-256 digest — we do not store the raw key after initial display)
- API key prefix (for identification)
- Last used timestamp
- Expiration date
2.11 Workspace Configuration
- Workspace name and description
- Agent memory (free-text configuration that may contain arbitrary information you provide)
- Authorization policies (access control rules for workspace members and shared conversations)
3. How We Use Your Information
We use the personal information we collect for the following purposes:
| Purpose | Description |
|---|---|
| Providing the Service | Processing your uploaded documents (extraction, OCR, chunking, vectorization), answering your questions using AI, generating document summaries, executing data queries, and delivering Parse API results |
| Account management | Creating and maintaining your account, authenticating your identity, managing organization memberships, and enforcing access controls |
| Billing and payments | Processing subscription payments, managing credit balances, tracking usage for metering, handling pay-as-you-go purchases, and providing invoices through Stripe |
| Analytics and service improvement | Understanding how the Service is used through aggregated analytics (PostHog), identifying feature adoption patterns, and improving our product |
| Security and fraud prevention | Rate limiting API and chat requests, validating API keys, detecting abuse, verifying webhook signatures, and maintaining audit logs |
| Legal compliance | Retaining billing and financial records as required by law, responding to legal requests, and meeting regulatory obligations |
| Transactional communications | Sending usage alerts (at 75% and 90% of credit limits), billing notifications, and account-related emails through Stripe |
| Support | Responding to your contact form submissions and support requests |
| Product updates | We may send you emails about new features, product updates, and improvements to the Service. You can opt out at any time via the Email Preferences section in your dashboard settings, or by clicking the unsubscribe link included in every marketing email |
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Purpose | Legal basis | Explanation |
|---|---|---|
| Providing the Service (document processing, AI Q&A, data queries) | Performance of a contract (Art. 6(1)(b)) | Necessary to deliver the service you signed up for |
| Account creation and management | Performance of a contract | Necessary to maintain your account and provide access |
| Billing and payment processing | Performance of a contract | Necessary to fulfill our subscription agreement |
| Security, rate limiting, and fraud prevention | Legitimate interest (Art. 6(1)(f)) | We have a legitimate interest in protecting our Service and users from abuse |
| Product analytics (PostHog) | Consent (Art. 6(1)(a)) | Analytics cookies are only loaded after you accept non-essential cookies via our consent banner. We also honor Do Not Track (DNT) and Global Privacy Control (GPC) browser signals |
| Admin audit logging | Legitimate interest | Ensuring accountability and security of administrative actions |
| Support communications | Performance of a contract / Legitimate interest | Responding to your requests |
| Legal compliance and financial record retention | Legal obligation (Art. 6(1)(c)) | Required by tax and financial regulations |
| Product update emails | Legitimate interest (Art. 6(1)(f)) | We have a legitimate interest in informing users about new features and improvements. You can opt out at any time via the Email Preferences section in your dashboard settings, or by clicking the unsubscribe link included in every marketing email |
5. AI and Automated Processing
ParseSphere uses artificial intelligence to process your documents, answer your questions, generate summaries, and provide data insights. This section describes what data is shared with external AI providers and how it is handled.
5.1 What Data Is Sent to AI Providers
In the course of providing the Service, portions of your data may be sent to the following external AI providers:
| AI provider | Data shared | Purpose |
|---|---|---|
| Anthropic (Claude) | Document text content, your questions, conversation history, image attachments, dataset metadata | Document processing, summarization, question-answering, data insights |
| Voyage AI | Document text content, document images, search queries | Semantic search |
Some processing steps (such as text extraction and OCR) are performed entirely on our own servers and do not involve external AI providers.
Important:
- Data sent to AI providers may include any information present in your uploaded files, including personal data contained within those documents.
- Your questions and conversation history are sent to Anthropic as part of the chat feature.
- We do not scrub personal information from document content before sending it to AI providers. If your uploaded documents contain personal data, that data may be included in what is sent.
- We do not include your account email, name, or other account profile information in AI requests.
5.2 AI Provider Data Policies
We maintain zero-training agreements with all of our AI providers. This means:
- No training on your data: None of our AI providers use your documents, queries, or any data submitted through our Service to train, fine-tune, or improve their models.
- Limited transient retention only: Some providers may temporarily retain API inputs and outputs for a short period (up to 30 days) solely for trust, safety, and abuse monitoring purposes, after which the data is automatically deleted.
- No resale or secondary use: AI providers do not use your data for any purpose other than generating the immediate response to our API request and the safety monitoring described above.
This applies to all AI providers we use:
- Anthropic (Claude) — zero-training; up to 30-day transient retention for safety monitoring, then deleted
- Voyage AI — zero-training API agreement
- Google (Gemini) — zero-training API agreement
5.3 Our Own Model Training
ParseSphere does not use your data to train our own AI models. We do not fine-tune, train, or otherwise build proprietary machine learning models using your documents, queries, or any other user content.
5.4 Automated Decision-Making and Accuracy
ParseSphere's AI features produce informational outputs only — document summaries, search results, question answers with citations, and data insights. These outputs:
- Are intended as analytical aids, not as binding decisions
- Do not produce legal effects or similarly significant effects on you
- May contain errors, omissions, or inaccuracies — AI technology is inherently probabilistic and can produce incorrect results
To support your review, ParseSphere provides source citations and direct references to the original documents alongside every AI-generated response. As with any AI-assisted tool, we recommend verifying outputs against the cited sources before relying on them for business, legal, or financial decisions. The ultimate responsibility for how AI-generated outputs are used rests with you.
ParseSphere is not a medical device and must not be used for medical advice, diagnosis, treatment decisions, or any clinical purpose. AI-generated outputs from ParseSphere are not a substitute for professional medical judgment. Do not rely on any output from the Service to make healthcare or medical decisions. If you require medical advice, consult a qualified healthcare professional.
6. Third-Party Service Providers
We share personal data with the following categories of service providers, each of which is contractually obligated to protect your data and use it only for the purposes we specify:
| Service | Category | Data shared | Purpose | Data location |
|---|---|---|---|---|
| Clerk | Authentication | User ID, email, name, profile image (managed by Clerk); session tokens | User registration, login, session management, organization management | United States |
| Stripe | Payments | Email address, subscription metadata, payment intent IDs, user ID | Subscription billing, pay-as-you-go credit purchases, invoicing, checkout | United States (Stripe processes globally) |
| Anthropic | AI / LLM | Document text content, user questions, conversation history, image attachments, dataset summaries | AI question-answering, document summarization, contextual enrichment, dataset insights | United States |
| Voyage AI | AI embeddings | Text chunks, document images, search queries | Semantic search vector generation | United States |
| Google (Gemini / Vertex AI) | AI image generation | Prompts, images | Image generation with zero data retention (ZDR) | Google Cloud (global endpoint) |
| Azure Blob Storage | Cloud storage | Uploaded files, extracted content, document images, dataset files | Primary file storage | United States (East US 2) |
| Azure PostgreSQL | Database | All application data (accounts, documents, embeddings, chat history, usage, etc.) | Primary database | United States (East US 2) |
| Azure Redis | Cache / queue | Celery task payloads, rate limit counters, ephemeral job state | Background task processing, rate limiting | United States (East US 2) |
| PostHog | Product analytics | Page views, click events, feature usage events, Clerk user ID, email (via identify), name | Product analytics, feature adoption tracking | United States (us.i.posthog.com) |
| Microsoft 365 (Graph API) | Email delivery | Contact form submissions (name, email, company, message) | Delivering contact form emails to our team | United States |
| LangSmith | AI observability | Trace metadata only (timing, token counts, model names). Prompt inputs and model outputs are not transmitted to LangSmith in production — only metadata is sent. | AI pipeline performance monitoring | United States |
Customer Webhook Deliveries (Parse API)
If you configure a webhook URL for Parse API callbacks, we will deliver extraction results (including extracted text, chunks, and table metadata) via HTTPS POST to the URL you specify. The data destination is determined by you and is outside our control.
We Do Not Sell Your Personal Information
We do not sell, rent, or trade your personal information to third parties for their own commercial purposes. We do not share your personal information for cross-context behavioral advertising.
Sub-Processor Changes
ParseSphere maintains the list of sub-processors in this Section. Before adding a new sub-processor that processes personal data or replacing an existing sub-processor with a materially different one, we will notify users via email at least 30 days in advance. If you object to the addition or replacement of a sub-processor on reasonable data protection grounds, you may notify us at support@parsesphere.com within the 30-day notice period, and we will work with you to find a reasonable resolution. If no resolution can be reached, you may terminate your account, and we will provide a pro-rata refund of any prepaid fees for the unused portion of your subscription.
Disclosure in Response to Legal Process
We may disclose personal data when we have a good-faith belief that disclosure is required by applicable law, regulation, legal process, or governmental request (including subpoenas, court orders, or national security requests). Where legally permitted, we will notify you before such disclosure so that you may seek a protective order or other appropriate remedy. We evaluate each request to ensure it is legally valid, appropriately scoped, and consistent with applicable law. We do not voluntarily provide government agencies with direct access to our users' data.
7. Cookies and Tracking Technologies
7.1 Cookies and Local Storage We Use
| Category | Provider | Type | Duration | Purpose |
|---|---|---|---|---|
| Authentication cookies | Clerk | Essential | Session | Required to keep you logged in and manage your session. These cookies are set on our domain by our authentication provider. |
| Payment cookies | Stripe | Essential | Per Stripe policy | Set by Stripe during checkout for fraud prevention and payment processing. See Stripe's cookie policy. |
| Analytics cookies and storage | PostHog | Analytics (requires consent) | Up to 365 days | Used to understand how the Service is used and improve our product. Includes a cross-session identifier cookie and local storage for session data and configuration. Only loaded after you accept analytics cookies via our consent banner. PostHog is configured to anonymize IP addresses before storage — full IP addresses are not retained by PostHog. |
| Preferences storage | ParseSphere | Functional | Until cleared | Stores your UI preferences (theme, dismissed tooltips) and cached application state in your browser's local storage to improve your experience. |
7.2 How to Manage Cookies
Browser settings: You can configure your browser to refuse all or certain cookies, or to alert you when cookies are being set. Instructions vary by browser:
If you disable essential cookies (Clerk authentication), you will not be able to log in to the Service.
Local storage: You can clear local storage through your browser's developer tools or settings.
7.3 Do Not Track
PostHog is configured with respect_dnt: true in our application. If your browser sends a Do Not Track (DNT) signal, PostHog will not collect analytics data from your session.
7.4 Global Privacy Control (GPC)
We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal (Sec-GPC: 1 / navigator.globalPrivacyControl), we treat it as a request to opt out of non-essential analytics cookies. Analytics (PostHog) will not be loaded, and your consent status will be set to "declined" automatically. You can still manually enable analytics cookies at any time via the cookie preferences panel.
7.5 Cookie Consent
When you first visit our Service, we present a cookie consent banner that allows you to accept or decline non-essential cookies (such as analytics). Essential cookies required for authentication and core functionality are always active. You can change your cookie preferences at any time via the "Cookie Settings" link in the site footer. Analytics cookies (PostHog) are not loaded until you explicitly accept.
8. Data Retention
We retain different categories of data for different periods based on their purpose and applicable legal requirements:
| Data category | Retention period | Basis |
|---|---|---|
| Account information (user ID, account status) | Duration of your account. After account deletion, a minimal anonymized record is retained for billing history and abuse prevention. | Contract performance; fraud prevention |
| Billing records (Stripe IDs, transaction records, subscription history) | Up to 7 years after the transaction | Legal obligation (tax and financial regulations) |
| Uploaded documents, extracted content, chunks, embeddings, images, and summaries | Until you delete them or your account is closed. When a document is deleted, all associated data (chunks, embeddings, images, summaries) is automatically removed. | Contract performance |
| Chat conversations and messages | Until you delete them or your account is closed | Contract performance |
| Query logs | Until your account is closed | Service improvement; debugging |
| Saved prompts | Until you delete them or your account is closed | Contract performance |
| Datasets and transformed data | Until you delete them or your account is closed | Contract performance |
| File versions | Previous versions expire 14 days after being superseded and are automatically deleted | Storage management |
| API keys | Until you delete them or they reach their expiration date | Contract performance |
| Usage/metering events | Duration of your account plus up to 24 months after account closure | Billing accuracy; dispute resolution |
| Contact form emails | Retained in our email system for up to 3 years from the date of the communication, or for the duration of any ongoing business relationship, whichever is longer. Emails are reviewed and purged periodically. | Customer support |
| Analytics data (PostHog) | Up to 1 year | Product improvement |
| Server and application logs | 30 days | Debugging; security monitoring |
| Azure blob backups | 30 days | Disaster recovery |
Deletion Process
- When you delete a document, all associated data — text chunks, vector embeddings, extracted images, and summaries — is automatically removed from our database. Associated files in cloud storage are also deleted.
- When you delete a dataset, its associated embeddings, lineage records, and cloud storage files are removed.
- When you close your account, your Stripe subscription is cancelled and your account is marked as closed, immediately revoking access. Your content data (documents, datasets, chat history, workspaces, vector embeddings, and associated cloud storage files) is automatically and permanently deleted within 30 days of account closure via a daily scheduled purge process. You will not be able to recover this data after deletion.
- Billing records are retained after account closure as required by tax and financial regulations.
- Anonymized and aggregated data may be retained indefinitely for statistical and analytical purposes, provided it cannot be linked back to any individual.
9. Data Security
We implement the following technical and organizational measures to protect your personal data:
Technical Measures
- Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest. Internal service connections are also encrypted.
- Authentication and authorization: All access requires valid credentials. We enforce role-based access controls at the workspace level and verify that users can only access their own data.
- API key security: API keys are cryptographically hashed before storage. The raw key is shown once at creation and is never stored.
- Infrastructure isolation: Production databases and caches are deployed in private networks and are not accessible from the public internet. Secrets are managed through a dedicated vault service.
- Input validation: All incoming data is validated against strict schemas before processing.
- Rate limiting: API endpoints are rate-limited to prevent abuse.
- Security headers: Our API and web application enforce industry-standard security headers to protect against common web vulnerabilities.
- Webhook security: All inbound and outbound webhooks are cryptographically signed and verified.
- Delegated credential handling: We never handle your passwords or payment card details directly. Authentication is managed by Clerk and payment processing by Stripe.
Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- GDPR (EEA/UK): We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and notify affected individuals without undue delay where there is a high risk.
- US state laws: We will notify affected individuals and relevant state attorneys general within the timelines required by applicable state law (typically 30–60 days).
- All users: Regardless of your jurisdiction, ParseSphere commits to notifying affected users within 60 days of confirming a breach involving their personal data, unless a law enforcement agency requests a delay in notification. Notifications will be sent to the email address associated with your Account and will describe the nature of the breach, the categories of data affected, and the measures taken or proposed in response.
No method of electronic transmission or storage is 100% secure. While we implement commercially reasonable security measures, we cannot guarantee absolute security. We encourage you to use strong passwords, protect your API keys, and promptly report any suspected unauthorized access.
10. Your Privacy Rights
Depending on your location, you may have some or all of the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request that we correct inaccurate personal data
- Deletion — Request that we delete your personal data (subject to legal retention requirements)
- Data portability — Request a machine-readable export of your personal data (account information, workspaces, document metadata, chat conversations, saved prompts, query logs, and usage history). Original uploaded files can be downloaded individually from the Service before account closure.
- Withdraw consent — Where processing is based on consent (e.g., analytics cookies), withdraw it at any time
- Restriction — Request that we restrict processing in certain circumstances. If you exercise this right, we will continue to store your data but will suspend active processing (including AI processing of your documents, generation of embeddings, and inclusion of your content in search results) until the restriction is lifted or the dispute is resolved. You will retain read-only access to your existing data during the restriction period.
- Objection — Object to processing based on legitimate interests
- Appeal — If we deny a request, you may appeal the decision
For EEA, UK, and Swiss residents: You also have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA authorities is available at edpb.europa.eu. UK residents may contact the ICO. Swiss residents may contact the FDPIC.
For California residents: See Section 15.1 for the detailed CCPA/CPRA categories disclosure.
Important clarifications:
- We do not sell your personal information or share it for targeted advertising. No opt-out is required, but we will honor one if received.
- We do not use AI to make decisions that produce legal or similarly significant effects on you. Our AI features are informational aids only.
- We will not discriminate against you for exercising any of your privacy rights.
How to Exercise Your Rights
To exercise any of the rights described above, email us at support@parsesphere.com. We may need to verify your identity before processing your request.
Response timelines:
- GDPR: Within 30 days (extendable by 60 days for complex requests, with notice)
- CCPA/CPRA and US state laws: Within 45 days (extendable by 45 days, with notice)
If we deny your request, we will explain why and how to appeal.
11. International Data Transfers
Our infrastructure is hosted on Microsoft Azure in the United States (East US 2). Your data may also be processed by the third-party providers listed in Section 6, all of which are currently located in the United States.
If you are located in the EEA, UK, or Switzerland, your personal data is transferred to the United States. All data is encrypted in transit and at rest, and our sub-processors are contractually required to protect your data. Each of our third-party providers maintains its own data transfer safeguards, which may include EU Standard Contractual Clauses (SCCs) and/or certification under the EU-US Data Privacy Framework (DPF). For details on a specific provider's transfer mechanisms, please refer to their privacy policy linked below:
In addition to provider-level safeguards, all data transmitted to and from our Service is encrypted in transit and at rest.
12. Children's Privacy
ParseSphere is a business-focused document intelligence platform and is not directed at children under the age of 16 (or the applicable age of digital consent in your jurisdiction).
We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at support@parsesphere.com.
If we discover that we have collected personal data from a child under 16 without appropriate parental consent, we will take prompt steps to delete that information from our systems. Please contact us at support@parsesphere.com if you become aware of such a situation.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email to the address associated with your account
- We encourage you to review this policy periodically
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy. If you do not agree with the changes, you should stop using the Service and delete your account via dashboard settings.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices:
| General support | support@parsesphere.com |
| Sales | sales@parsesphere.com |
| Privacy inquiries and rights requests | support@parsesphere.com |
| Mailing address | 611 South DuPont Highway, Suite 102, Dover, DE 19901, United States |
If you are in the EEA, UK, or Switzerland and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
15. Jurisdiction-Specific Disclosures
15.1 California CCPA/CPRA Disclosure
The following table describes the categories of personal information we collect, as defined by the CCPA/CPRA, along with examples, business purposes, and categories of recipients:
| CCPA Category | Examples from ParseSphere | Business purpose | Categories of recipients |
|---|---|---|---|
| A. Identifiers | Clerk user ID, email address, name, organization name, API key prefix, internal user IDs | Account management, authentication, billing, support | Clerk, Stripe, PostHog, Microsoft 365 (contact form) |
| B. Personal information under Cal. Civ. Code § 1798.80 | Name, email address (from Clerk), financial information (Stripe customer/subscription IDs — not full card numbers) | Billing, account management | Stripe, Clerk |
| C. Protected classification characteristics | None intentionally collected | N/A | N/A |
| D. Commercial information | Subscription plan, credit purchases, usage metering records, payment transaction history | Billing, service delivery, usage tracking | Stripe |
| E. Biometric information | None collected | N/A | N/A |
| F. Internet or network activity | Page views, feature usage events, clicks (via PostHog); IP address (transient, for rate limiting only) | Product analytics, security | PostHog |
| G. Geolocation data | Not systematically collected (IP-based geolocation may be inferred by PostHog) | Analytics | PostHog |
| H. Sensory data | Document images, uploaded photos/scans | Document intelligence service delivery | Azure Blob Storage, Voyage AI (image embeddings), Anthropic (vision features) |
| I. Professional or employment-related information | Company name (contact form, optional); professional documents uploaded by users | Service delivery, support | Azure Blob Storage, AI providers (document processing) |
| J. Non-public education information | None intentionally collected (may appear in uploaded documents) | N/A | N/A |
| K. Inferences | AI-generated document summaries, search results, query responses, dataset insights | Service delivery | Anthropic (generates inferences), stored in our database |
| L. Sensitive personal information | Account login credentials (managed by Clerk); contents of uploaded documents and communications | Authentication, service delivery | Clerk (credentials), AI providers (document content) |
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA § 1798.121.
Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information for third-party direct marketing.
15.2 EEA, UK, and Swiss Residents
| Data controller | ParseSphere Inc., 611 South DuPont Highway, Suite 102, Dover, DE 19901, United States |
| Data Protection Officer | Dowon Cha — support@parsesphere.com |
| Legal bases for processing | See Section 4 |
| International transfers | See Section 11 |
| Supervisory authority | EEA residents may find their supervisory authority at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO). Swiss residents may contact the FDPIC. |
15.3 Other US State Residents
If you reside in a state with a comprehensive privacy law (Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Tennessee, Indiana, Iowa, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, and others effective through 2026), your rights are described in Section 10. To exercise your rights, follow the instructions in How to Exercise Your Rights.
If we deny your rights request, most state laws provide a right to appeal. To appeal, contact us at support@parsesphere.com with the subject line "Privacy Rights Appeal." We will respond within the timeline required by your state's law (typically 60 days).